General
-
Target
8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef
-
Size
178KB
-
Sample
241115-smflyavpf1
-
MD5
24569f89507e1c016aca4c18386189fd
-
SHA1
5881bb12d69c6028f2e52b66680908ab04e1d2d1
-
SHA256
8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef
-
SHA512
6f34f026e2474a11034749a94b2b6a038ccb36f0dce79a2e0ae3493e0f942065eebe699283e9303dcf59cd699d6a6a188edecf606141be6812131f6452723650
-
SSDEEP
3072:/L2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBUPZB0zstySfNllXeD:/L2k43tGiL3HJk96D7br0z0rllXo
Behavioral task
behavioral1
Sample
8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef.doc
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://www.yadegarebastan.com/wp-content/mhear/
http://bikerzonebd.com/wp-admin/89gw/
http://shptoys.com/_old/bvGej/
http://www.vestalicom.com/facturation/qgm0t/
http://www.aliounendiaye.com/wp-content/f3hs6j/
Targets
-
-
Target
8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef
-
Size
178KB
-
MD5
24569f89507e1c016aca4c18386189fd
-
SHA1
5881bb12d69c6028f2e52b66680908ab04e1d2d1
-
SHA256
8ebee1deb3a7563a74f31fdf0fe428b3c7ba7739f79df4f1cecfc86fbf0e93ef
-
SHA512
6f34f026e2474a11034749a94b2b6a038ccb36f0dce79a2e0ae3493e0f942065eebe699283e9303dcf59cd699d6a6a188edecf606141be6812131f6452723650
-
SSDEEP
3072:/L2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBUPZB0zstySfNllXeD:/L2k43tGiL3HJk96D7br0z0rllXo
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-